WordPress Update v4.9.6, Privacy and GDPR

On Thursday, WordPress version 4.9.6 was released. For those of you who follow such updates, this one included 95 updates, from data handling to PHP polyfills. However, the vast majority of small business webmasters (medium and large too) will be focusing on the addition of a new ‘Privacy’ link under general admin settings.

Using this new feature, site owners can now designate a privacy policy page. In fact, the team at WordPress actually refers to this version update as a privacy and maintenance release. So, why all the sudden focus on ‘privacy’ these days? Unless you’ve been living under a rock, you may have heard the term “GDPR” in the news during the month of May. In short, this release has to do with the General Data Protection Regulation (GDPR).

What does GDPR have to do with MY website?

GDPR is a European Union initiative that will take effect on May 25th, 2018. Yes, it’s a European regulation to be sure, but the requirements apply to all sites and online businesses that collect, store or process personal data about EU residents. Thanks to the internet’s global reach, almost every website can (and probably does) touch an EU resident at some point, if it hasn’t already.

Have you noticed the flurry of popups across larger sites from Facebook to Amazon describing how they collect and use personal information? It’s not just the large sites…smaller ones have just as much international reach potential, regularly setting cookies for tracking, etc.

In an effort to comply with GDPR, WordPress now makes even the smallest website owners aware of privacy policy best practices. It both reminds site owners to create a privacy policy page for their website and makes it very easy to do so.

Aside from the basic privacy policy page, it’s now possible to either export or completely erase a user’s personal data from your WordPress website. This includes data that was collected by any participating plugins on your site (whether you knew they were collecting data or not!). You’ll find two new admin links under ‘Tools’ that allow you to ‘Export Personal Data’ as well as ‘Erase Personal Data’ for selected users on your system.

No matter the size of a business site using WordPress these days, odds are pretty good that there is at least one plugin installed which collects some sort of personal data.  If that’s your website, you’ll need a privacy page immediately.

Get your website updated to 4.9.6 and set your privacy page today!

How can my business site comply with GDPR?

First off, many website owners in the United States are wondering…can a privacy law enacted by the EU really affect my website?  Yes, it can.  Just look at the 2016 EU-US Privacy Shield, a framework for personal data exchanges between the EU and US.  Passing personal data between these two is serious and the activity is well recognized by our country.

So unless you are 100% sure that absolutely no EU resident will EVER come across your website or mobile application, you should comply by addressing the following:

  1. Make sure your site’s privacy policy is displayed on all pages and that it is easy to access.
  2. Keep it updated.  Let users on your site know when there are changes.
  3. Keep your privacy policy clear and easy to understand.
  4. Clearly state who you are, the legal name of your business and if it’s controlled by another company.
  5. Clearly state the physical location of your business.
  6. Consider answering the following in your privacy policy:
    1. What kind of data you collect
    2. Why you collect it
    3. How it was obtained exactly
    4. How long you will keep it
    5. How secure it is on your site
    6. Whether you share it (and why)

Remember…the GDPR defines the rights of users on websites.  Those rights include:

  1. The ability to access, view and edit their own information in a timely fashion
  2. The right to be erased from your system should they request
  3. The right to object to direct marketing from your site/brand

Need a concise example of a privacy policy that is well done and thorough?  Try the ALDO shoes website privacy policy here.